Following along with the tutorial "Automate Consul Agent Security with Auto Config | Consul | HashiCorp Developer" and equipped with my newfound ability to generate JWTs, to my consternation Consul decides to not want to start when having the auto_config stanza populated according to the tutorial as follows:
auto_config {
  authorization {
    enabled = true
    static {
      oidc_discovery_url = "http://10.0.0.2:8200/v1/identity/oidc"
      bound_issuer = "http://10.0.0.2:8200/v1/identity/oidc"
      bound_audiences = ["consul-cluster-dc1"]
      claim_mappings = {
        "/consul/hostname" = "node_name"
      }
      claim_assertions = [
        "value.node_name == \"${node}\""
      ]
    }
  }
}
When trying to start, the server gives me the following error message:
# journalctl -fu consul
Jan 23 19:04:03 myhost consul[3641]: ==> auto_config.authorization.static has invalid configuration: error checking OIDCDiscoveryURL: oidc: issuer did not match the issuer returned by provider, expected "http://10.0.0.2:8200/v1/identity/oidc" got "/v1/identity/oidc"
I am at a bit of a loss. As far as I can tell, there is no further config done in the tutorial when it comes to that URL, so I am a bit stumped as to what to put in there to get the server to start working. Anyone got any helpful suggestions on what to do in order to get the absolute URL instead of the relative one?
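The check behind the error message above, as an added example that is not part of the original post or of Consul's code: OIDC discovery requires the `issuer` value in the provider's metadata document to be identical to the URL the client was configured with. The two discovery documents below are constructed samples, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

CONFIGURED = "http://10.0.0.2:8200/v1/identity/oidc"  # oidc_discovery_url from the post

# Constructed discovery documents (not captured from a real server).
RELATIVE = json.dumps({"issuer": "/v1/identity/oidc",
                       "jwks_uri": "/v1/identity/oidc/.well-known/keys"})
ABSOLUTE = json.dumps({"issuer": CONFIGURED,
                       "jwks_uri": CONFIGURED + "/.well-known/keys"})


def discovery_document_url(configured_url):
    """Where an OIDC client looks for the provider metadata."""
    return configured_url.rstrip("/") + "/.well-known/openid-configuration"


def is_absolute(url):
    """True when the URL carries both a scheme and a host."""
    parts = urlsplit(url)
    return bool(parts.scheme and parts.netloc)


def check_discovery(configured_url, discovery_json):
    """Return a list of problems; an empty list means the document passes."""
    doc = json.loads(discovery_json)
    issuer = doc.get("issuer", "")
    problems = []
    if not is_absolute(issuer):
        problems.append(f"issuer {issuer!r} is not an absolute URL")
    # Strict string comparison: a trailing slash or a different host also fails.
    if issuer != configured_url:
        problems.append(f"issuer mismatch: expected {configured_url!r} got {issuer!r}")
    if not is_absolute(doc.get("jwks_uri", "")):
        problems.append("jwks_uri is not an absolute URL, signing keys cannot be fetched")
    return problems


if __name__ == "__main__":
    print("metadata URL:", discovery_document_url(CONFIGURED))
    for name, doc in (("relative issuer", RELATIVE), ("absolute issuer", ABSOLUTE)):
        print(name, "->", check_discovery(CONFIGURED, doc) or "ok")
```

Running the same comparison against the document actually served at the metadata URL shows whether the provider advertises the issuer that `oidc_discovery_url` and `bound_issuer` expect.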